Share this article on:
Following the Medibank hack last week, it’s estimated up to four million Aussies could be at risk of having their data stolen, with Cyber Security Minister Clare O’Neil declaring that it was a “dog act” for the hackers to steal Australians’ health information.
The country is “behind the eight ball” on the data theft front, according to Cyber Security Minister Clare O’Neil in the wake of the Optus and Medibank security breaches.
The alleged Medibank hackers claim they have stolen 200Gb of data which includes medical history, including where medical services were received and codes relating to their diagnosis and procedures. Medicare numbers, addresses, phone numbers and some claims data were also included in the breach.
The Medibank hacking swiftly following the Optus data breach last month was a large concern, Minister O’Neil warned.
“We’ve really got to just step back and have a good conversation here about what is going on and why it is that we are so behind the eight ball with cyber issues generally,” Minister O’Neil told the Seven Network.
“We’ve got to muscle up here and understand that this is our future, and our job is to make sure that the country is better prepared when things like this happen,” Minister O’Neil added.
Medibank has provided Services Australia with information on Medicare or Centrelink details that may have been impacted by the hacking following the data breach.
Government notices have confirmed Services Australia will then be able to compare the affected data and apply extra security measures to customer records.
Minister O’Neil has confirmed that she “would take Medibank at their word that they had taken all necessary steps after the company became aware of the breach”.
However, the Minister has disclosed that it was still not clear exactly what information had been taken and which customers had been affected, indicating that the possible breach of medical details was alarming.
“At the end of the day, you can replace a credit card.
“This is health information, it is private and personal information of people that has no place being put into the public realm,” Minister O'Neil added.
“It will be a dog act if these cyber thugs make the decision to make any of the information public.”
The government had been slow to act on the cyber breaches, opposition government services spokesman Paul Fletcher asserted, noting that affected customers are still in the dark and rightly fearful of the integrity of their accounts.
“This confusion is compounded by the changing allocation of ministerial responsibility for cyber security,” Fletcher said in a statement.
Opposition Leader Peter Dutton said the coalition was happy to support legislation to tighten up personal data being stored by companies.
“It needs to be dealt with quickly,” Dutton told the Nine Network in an interview on Friday.
According to the Sydney Morning Herald and The Age, the hackers claimed to have stolen 200 gigabytes of sensitive information and were threatening to contact “prominent customers” to prove they are serious, in a message to Medibank obtained by the Fairfax papers.
“We will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc),” the hackers said.
“Also we’ve found people with very interesting diagnosis. And we’ll email them their information.”
The revelation that customer data has been leaked comes just over a week after Medibank was first notified there were malicious actors on its network.
Medibank began investigations immediately and assured the government there had been no data stolen in the initial breach but continued to work with authorities to ensure the hackers were removed from its network.
[Related: Lazy passwords putting two-thirds of Aussie organisations at risk]